We recently published a blog about how the Empire could have won in Star Wars if only they had followed better cybersecurity practices. This, of course, leads to other fun Sci Fi related questions like “How well did they do cybersecurity-wise in Star Trek?”
Across the Star Trek franchise, security was always a high priority. In fact, they implemented many of the best practices that are recommended in cybersecurity.
- Trust but Verify All Access Requests
- Don’t Rely on Just Passwords for Authentication
- Make an Incident Response Plan
Trust but Verify All Access Requests
Even though all Federation ships and space stations are protected by shields, they don’t solely rely on those shields to protect them. Internally access to systems is controlled such that users have limited access depending on who they are. Visitors can use replicators or ask the computer about information that has been deemed publicly accessible, but they cannot get access to core systems or access confidential information. Even children who are growing up on the ships are limited to what they can access through the computer. When a user needs privileged access, they are authenticated using voice recognition and in some cases the user is required to provide an additional code.
Don’t Rely on Just Passwords for Authentication
As already mentioned, the primary authentication method used in Star Trek is voice recognition. There are times when they might use other biometric methods such as facial scans but their primary method is voice and not passwords as we use the majority of the time today. Rarely did they ever use a code or password. Usually the code or password was needed as part of a 2-factor authentication process. Even then for an incredibly important access request such as when they want to start a self-destruct method, they are required to provide the authentication of two users by voice as well as code. This dependence on voice vs passwords for their primary authentication means that they are not vulnerable to the myriad of password vulnerabilities such as bad actors guessing or just randomly generating passwords in order to breach security.
This doesn’t mean that they are totally protected from breaches, since there seem to be few aliens out there in the universe that have the ability to mimic a person’s voice or, in fact, take on the form of the entire person, but they are definitely more protected than they would be if they had relied only on passwords.
Make an Incident Response Plan
Most importantly, Star Fleet required all ships and space stations to establish an Incident Response Plan. There were always processes and plans in place to handle a wide gamut of attacks and possible breaches. Everyone was aware of what these processes and plans were and they performed regular practice drills to make sure they could respond quickly and efficiently. Every time there was a red alert you never saw people run around in a panic. They might have quickly jogged through the corridors but this because they were trying to get to their designated station as quickly as possible.
Star Trek first aired in 1966, 55 years ago. We all seem to have our personal communicators today and even voice-activated computers that control our homes, but we still don’t have transporters. (Though The Fly (1986) might have discouraged any exploration into transporters.) Sci Fi franchises like Star Trek have influenced a lot of what we have and what we experience today. However, when it comes to cybersecurity, there is still a lot we can learn from them.